Not Connectable over SSH Tunnel


xavierk

Due to Comcast, I deliberately have my firewall blocking inbound ports for my uTorrent. I am using a proxy over an SSH tunnel. As well, I've disabled the "Enable NAT-PMP" and "Enable UPnP" options as they aren't needed over a proxy. It appears to be working correctly; I am uploading and downloading torrents just fine. But the torrent gives me a red exclamation mark indicating I am "Not connectable", that "a firewall/router is limiting my network traffic". I also did a "Test if port is forwarded properly", which redirects to http://www.utorrent.com/testport.php. This site seems to grab my computer's IP, not the proxy IP, so it always comes back as failed. I've upgraded to the latest beta and this still seems to be an issue. In the latest beta, I also discovered an option to add my "IP/Hostname to report to tracker:". I added the IP of my proxy server and I am still having the same issue.

Any assistance is appreciated unless this is an actual bug/limitation in the software.

Xavier

Link to comment

I don't quite understand what you are saying here. Obviously if the traffic is being passed through the tunnel, then my firewall, Comcast or anything else wouldn't be able to see what ports/traffic are being passed through it. You say I need additional setup to forward incoming connections over SSH. Could you point me in the right direction? What steps do I need? If I close the tunnel, my transfers stop immediately, so as far as I can tell it is working correctly; thus I submitted this as a bug. Please tell me what more I need to do. I've searched for instructions/tutorials, but everything related to the subject just seems rather ambiguous.

If you could help me understand what it is I am missing. Does the initial request come directly to me and then my computer redirects the user over the SSH tunnel? How can I direct everything related to uTorrent over the SSH tunnel, so nothing looks like it is being hosted from my home location? I thought that was kind of the point. Even more so when you guys added the IP/HOSTNAME to report to trackers.

Thank you,

X

Link to comment

A dynamic tunnel (-D) in SSH only forwards one way (in this case, outgoing).

You need to read the SSH man pages or something and read up on remote ports.

Just FYI, PuTTY's remote forwarding thing doesn't really work right; even if you check "remote ports do the same", it still binds to localhost only.

Link to comment
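The "binds to localhost only" symptom from the post above can be checked on the Linux server by looking at which address the forwarded port is listening on. This is an added example, not part of the original thread: port 51413 and the `ss -ltn` output are constructed samples. OpenSSH's `GatewayPorts` setting in `sshd_config` decides whether sshd honours a client's request to bind a remote forward on non-loopback addresses.

```shell
#!/bin/sh
# Classify how a remote-forwarded port is bound on the SSH server.
# Usage on a real host:  ss -ltn | forward_bind_scope 51413
forward_bind_scope() {
    # $1 = TCP port to look for; stdin = output of `ss -ltn`
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # port is the last ":" field
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") loopback = 1
            else public = 1
        }
        END {
            if (public) print "public"               # reachable by outside peers
            else if (loopback) print "loopback-only" # peers cannot connect in
            else print "absent"                      # forward not established
        }'
}

# Constructed sample: sshd with the default GatewayPorts no
sample_default() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:51413      0.0.0.0:*
LISTEN  0       128     [::1]:51413          [::]:*
EOF
}

# Constructed sample: same forward after GatewayPorts is enabled on the server
sample_gateway() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     0.0.0.0:51413        0.0.0.0:*
EOF
}

echo "default sshd_config: $(sample_default | forward_bind_scope 51413)"
echo "GatewayPorts enabled: $(sample_gateway | forward_bind_scope 51413)"
```

A result of `loopback-only` means the server accepted the forward but bound it to localhost, so the client will still show as not connectable until the server's sshd configuration allows a wider bind.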

OK, I think I understand what you are saying. I did notice the only ones I am seeding are the active downloads, which sort of makes sense. I am using PuTTY to create the tunnel to a Linux server. I am using a dynamic tunnel as you specified. I just added a forwarding "source port" on the remote to forward to the localhost and checked the option "Remote ports accept connections from other hosts". That didn't seem to help, as it is still only the active downloads that are seeding. Please correct me if I am wrong, but from what I am seeing here, uTorrent is only aware of the local host and is seeding/working as such. This new feature about the IP/Hostname to report to tracker might actually be the fix, but I assume it isn't working completely yet? If it was, when I do a manual test to your testport.php, wouldn't it actually tell it the tunnel's IP, not my machine's IP? For now I can obviously open the port on my firewall, but it would be nice to get some better instructions on how to configure PuTTY, or perhaps "ideally" if the IP/Hostname to report option actually worked for all torrent traffic, then I would be completely invisible to Comcast. Please correct me if/where I am wrong.

Thank you,

X

Link to comment

The problem with SSH tunneling is that it just forwards ports. It does not route. Port forwarding in modems works because your computer is using your modem as a gateway to access the internet. And thus with port forwarding you just remove the blocking of incoming connections.

But with SSH port forwarding, your access to the internet is not through your SSH connection. With an SSH connection you create port forwarding, which is one way. Your uTorrent client won't be using your SSH connection to access the internet. You can forward incoming ports of your Linux server to your local machine. So users who connect to the Linux server's specified port will be redirected to your machine and will be requested from your machine. That is where you set the destination. I.e., you have set up SSH port forwarding to the Linux server. Source is 80 and destination is www.google.com:80. When I request HTTP from your Linux server, your Linux server's sshd will forward this request to your SSH client. Your SSH client will make the request to www.google.com and will return the result to me. Clearly my TCP/IP connection to your Linux server will be extended to your home machine + Google transparently. So you can do the reverse. PuTTY will bind to port 80, and you set the destination as www.google.com:80. When you request localhost:80 from your browser, PuTTY will respond to it and send the data over the SSH tunnel, and your Linux server will make the request to www.google.com and the result will come back the same way.

As you may have realized, for the connection from your machine to Google, your browser was unaware of Google as the destination. Its aim was localhost. The problem arises here.

So to solve this problem you have to route your program's whole traffic through the remote system.

There are two solutions.

1) VPN: You can buy a VPN service. One of the services I have used before is www.vpngates.com. But my intention was online game playing due to lag, so I have no idea about P2P performance. And don't forget that all your traffic will go through these remote servers, so they can sniff your traffic. In security terms, it is a trust relationship.

Also, you can install a VPN server on your Linux system and access the internet through it.

2) SocksCap or SOCKS: You can install a SOCKS server on your Linux server. With the SocksCap program you can encapsulate your uTorrent client and route all traffic through the SOCKS4 or SOCKS5 proxy that you have installed. You can try the proxy server option of uTorrent too, and still use your proxy server. With SocksCap you can encapsulate most programs to route their traffic through.

Also, you can combine SSH and SOCKS by setting up the SOCKS server to listen on localhost only, forwarding local 1080 to localhost:1080, and setting the proxy server as localhost:1080 in uTorrent or, if you are using SocksCap, in SocksCap.

edit:

I think the most reliable method is using SocksCap with a SOCKS connection over SSLTunnel. Companies cannot throttle or inspect SSL connections, though, because all secure systems use SSL and it is encrypted. Using SSH instead of SSL is secure too. But they can block an SSH connection, not an SSL connection. That will be a big problem if they start to shape SSL connections. They cannot block SSL connections due to secure sites (e-commerce, banks). So a SOCKS connection over SSLTunnel should work everywhere theoretically, IMO.

Link to comment

ISPs generally can choose to do whatever they want to your connection. Especially if you utilize peak bandwidth during any part of your service. Most let it go for occasional users, but there have been cases where people lost their internet due to such things. Generally the case is the ISP will just put you into a bracket where you are not fully utilizing your connection. The only way to "fight back" is to get enough consumer awareness to at least highlight the problem (as is the case with Comcast in the USA) and possibly get the government to step in.

Link to comment

The issue is that with this ISP, they are one of the largest in the United States; they aren't just selecting a few customers, they are targeting everyone. I have received confirmation they have installed equipment at each of the hubs. This then filters any traffic heading up the pipe to conserve bandwidth. So anyone in my neighborhood could use torrents with each other without limitation. At the local hub where they uplink to the main office, they then use equipment to have with quality control (we all know what that means). No matter if I went to business class service or not, these controls are still in place. There is no getting around it. My only option is to tunnel my traffic to a different location. I am actually one step away from moving my torrent to the Linux server and hosting it there permanently, which actually saves me headaches and bandwidth. But I have set up a two-way tunnel with the server as it was suggested. The issue is, the application for some reason seems to use port 80 to obtain torrent information or something; as a result that traffic isn't being passed over the tunnel. If uTorrent can add a checkbox to redirect all application traffic over the tunnel, including port 80 traffic, then I can always add a port 80 open from the remote server to my PC, thus fully isolating the traffic to/from torrents. This sounds like it might be more of a feature request than anything. I do not want to redirect everything to a remote host...that would put undue delays and unnecessary traffic to the remote host.

Thank you,

X

Link to comment

Archived

This topic is now archived and is closed to further replies.
